Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Recent vulnerabilities and exploits

6.5
CVSSv2
CVE-2021-27201
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment....
Endian Firewall Community 3.3.2
9
CVSSv2
CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command....
Zen-cart Zen Cart 1.5.7b
6.8
CVSSv2
CVE-2021-3336
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can...
Wolfssl Wolfssl
NA
CVE-2021-27342
D-Link-CVE-2021-27342-exploit Exploit for CVE-2021-27342 vulnerability (telnet authentication brute-force protection bypass)...
4.3
CVSSv2
CVE-2018-17960
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste....
5
CVSSv2
CVE-2020-17527
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...
4.3
CVSSv2
CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the...
Apache TomcatApache Tomcat 9.0.0Apache Tomcat 10.0.0Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected....
4.3
CVSSv2
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin)....
Ckeditor Ckeditor
4.3
CVSSv2
CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax)....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-29506CVE-2020-20092encryptionCVE-2021-21551arbitrary unspecifiedCVE-2020-23689CVE-2021-28476CVE-2021-20996
Vulnerability Notification Service
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook